Related to my previous post, I emailed WordPress lead developers about the vulnerability, and got this response from Andrew Nacin:
We’re aware of the report and have been investigating. If you are running the latest version of WordPress (4.0), you have nothing to worry about.
EDIT 2014-11-21: WordPress 4.0.1 is out, with several security fixes unrelated to the major vulnerability discovered by klikki.fi. There are also security releases in the 3.x series.
UPDATE 2014-11-10: WP 4.0 is not vulnerable.
The commenting feature on this blog has been temporarily disabled (using the Disable Comments-plugin) due to an apparently discovered vulnerability in all current versions of WordPress. The details of the vulnerability have not been published yet, but WordPress will publish fixed versions in the next few days.
I’m not certain disabling the comments will fully fix the vulnerability since no details have been published, but disabling commenting on all WordPress sites is something I’d recommend to everyone, just in case.
More information about the vulnerability in Finnish:
https://www.viestintavirasto.fi/tietoturva/tietoturvanyt/2014/11/ttn201411041006.html
http://klikki.fi/adv/wordpress_ennakko-fi.html
EDIT: There are rumours that the vulnerabilities are even worse. In order to prepare for that, I’ve now disabled write access to the database from my blog user, and removed write access to the file system as well, until more actual information is available. I’ve also wrapped an extra layer of tinfoil around my head.
After OS X 10.10 Yosemite came out, a lot of people noticed the OS sending private information to Apple’s servers without the user’s consent. I haven’t updated to Yosemite yet, and I might not update at all, largely because of such disturbing findings. Apple has released a statement saying “we take privacy seriously”, but sending my data anywhere should be my decision to make, not Apple’s.
In case I do decide to update to Yosemite later, I’ve compiled here all the settings changes that I need to do first thing after the update:
Disabling Continuity
“Continuity” is the name of the feature that allows you to continue working on the same files even though you switch devices. Unfortunately, this means that pretty much all your data and files(including ones you didn’t save!) need to be sent to Apple.
If you do not want files to be automatically sent to Apple’s iCloud servers, turn the feature off using the following method:
Click on the Apple icon (top-left of your screen),
Select System Preferences,
Click on iCloud, and
Deselect the “Documents & Data” checkbox.
You can continue to upload and download documents to iCloud using Apple’s iWork for iCloud apps. But your edited and unsaved documents will no longer be saved to iCloud, and you will lose automatic access to them on iOS 8 devices.
(http://www.ibtimes.co.uk/apple-mac-os-x-yosemite-secretly-uploading-private-data-icloud-servers-1471901)
Disabling Spotlight suggestions
By default, all your searches done through Finder and Safari are sent to Apple and/or Bing in order to give you autocomplete functionality in the search.
Luckily, Yosemite’s search-snooping can be switched off in seconds. In Mac OS X’s System Preferences, the functions can be found under “Spotlight” and then “Search Results.” From there you need to disable “Spotlight Suggestions,” “Bookmarks and History,” and “Bing Web Searches.” If you use Safari you will then need to disable the same “Spotlight Suggestions” function in the browser (under “Preferences” and then “Search”) to avoid having terms you type into its address bar shared with Apple by default too.
(http://www.wired.com/2014/10/how-to-fix-os-x-yosemite-search/)
Disabling sending location data
OS X sends real time “anonymous” location data to Apple.
To stop the sending of the location data to Apple, you need to disable Location Services.
Open System Preferences
Click on Security
Under the General tab
Click the Unlock button in the corner and enter your Admin password
Select the checkbox next to “Disable Location Services”
Close System Preferences
(http://osxdaily.com/2010/09/20/disable-the-sending-of-location-services-data-to-apple-from-a-mac/)
These are the ones I’ve found on the web so far. If you know of more things that Yosemite phones home about, please leave a comment below.
This has been discussed online at length, so I won’t go into details. In short, Finland’s State Regional Administration Agency (Avi) told the organizers of the “Beer and Whisky Expo” that if Google searches for “whisky” return links to their event, they’d lose their liquor licence and the event would have to be cancelled.
Consider the implications of that. Either:
A) Anyone can cancel someone else’s event just by blogging about it, or:
B) There’s no way to limit or control the advertising of hard liquors online, since you can always do it “as a private blogger”.
I’m leaning towards B), since the above article also says that:
Helsingin Sanomat reported on Sunday that the head of Avi unit for southern Finland, Anneli Taina, would be seeking an explanation if they had indeed threatened organisers with license cancellation.
If Avi determines that their bureaucrat was in the wrong when they threatened with the cancellation of the licence, we can expect to start seeing a lot of “private bloggers” writing about events and products that can’t be advertised.
I originally wrote this as a comment on the Tested.com Still Untitled episode about worst jobs, and it just seemed postworthy enough to publish here as well.
I ended up with my worst job ever after responding to an classifieds ad about “warehouse work”. I had previously worked at an auto parts warehouse driving a forklift and picking parts for orders, which was a completely decent job, so I figured this one would be something similar.
After I got to the address from the ad, I found myself in an office for a factory manager. He was nice enough, and led me to the factory floor for my orientation, which was given to me by a nice, if rather odd, middle aged woman.
“So, here’s your workstation. See, these spray cans of insecticide come from the conveyor belt on your left. You take 12 of them, put them in one of these boxes, and push the box along on the conveyor belt on your right!”
“Ok… and that’s it??”
“Oh, no. See behind you, there’s a machine that puts on the caps and the nozzles on the cans? You need to keep those vats filled with the caps and the nozzles from those big bags. If the bags run out, you get more from the storage room over there.”
“Ok?”
“That’s it, let’s get to work!”
So, I’d sit there, wait for the cans to come from my left, put the cans in a box, and push the box on to the next conveyor belt on my right.
You’d think that the mind numbing boredom of doing that would be enough, wouldn’t you? Alas, no. The icing on the cake was that if I neglected to fill the vat with the nozzles, the machine wouldn’t notice it. Instead, it would happily keep doing what it did, but without the nozzles, every time the machine tried to install one, it would instead spray a good amount of insecticide in the air. Right behind me, on a factory floor with poor ventilation. And it would keep doing it until I stopped the machine to fill the vat with the nozzles again.
So, instead of getting bored out of my skull doing repetitive and menial work, I’d get bored out my skull doing repetitive and menial work inside a cloud of toxic chemicals! It occurred to me that my co-worker might not have been born as odd as she was.
I lasted until the lunch break, at which point I went to the manager’s office, politely let him know that this wasn’t my idea of “warehouse work”, and left the building, still slightly dizzy from the fumes.
I’ve worked in a restaurant kitchen doing dishes, in a cafe preparing food and as a cashier, as a forklift driver, doing early morning newspaper deliveries, as a pizza delivery guy, a pizza cook, a removalist, an assistant webmaster for a government office, as a warehouse worker unloading containers, as a parachute packer, a parachute rigger, a tandem skydiving instructor, a cleaner in a coal power plant, a software developer and currently as a “technical project manager”.
Oh wow. I don’t think I’ve ever actually listed all of my jobs like that. That’s a surprisingly long list.
Anyway, having experience from so many different walks of life definitely gives some perspective. Any time I get unhappy about my current job, I try to remember that it could be much worse.
There are plenty of RSS readers out there, but I just found one that fits my minimalistic CLI needs like a glove: Newsbeuter. It’s available for OS X via Homebrew (as well as multiple flavours of Linux).
Installing Newsbeuter wasn’t quite as straightforward as it could’ve been, especially since I wanted to be able to launch it into iTerm from the Dock, so I decided to document the process here.
$ brew install newsbeuter
export LANG="en_US.UTF-8"
Copy and paste this into your favourite text editor, and save it at "~/scripts/launch_newsbeuter.sh".
#!/bin/bash # Script 2/2 of "Launching Newsbeuter from the Dock": "launch_newsbeuter.sh" # Requires "newsbeuter.app" to work. # See http://blog.ampli.fi/launching-newsbeuter-from-the-dock # Make sure we don't attempt to open multiple instances of Newsbeuter. killall newsbeuter # Remove the lock file in case we have killed the terminal with the previous # instance of Newsbeuter, which would leave the pid file orphaned, preventing # us from running a new instance. rm -f ~/.newsbeuter/cache.db.lock # Run Newsbeuter /usr/local/bin/newsbeuter
$ cd ~/scripts/ $ chmod u+x launch_newsbeuter.sh
# Script 1/2 of "Launching Newsbeuter from the Dock": "newsbeuter.app" # Requires "launch_newsbeuter.sh" to work. # See http://blog.ampli.fi/launching-newsbeuter-from-the-dock # # This AppleScript was copied from # http://damonparker.org/blog/2005/09/14/iterm-tricks/ tell application "iTerm" make new terminal tell the current terminal activate current session launch session "Default Session" tell the last session # Run the shell script that launches the terminal window that launches # Newsbeuter. write text "~/scripts/launch_newsbeuter.sh" end tell end tell end tell
Since I wrote the instructions after I’d finished the installation myself, I may have omitted some steps. As usual, comments are welcome.
There is in fact one problem with the setup: If iTerm is running with no open terminal windows, the script crashes with an error message saying 'Can't get «class Ctrm» of application "iTerm".' If anyone knows how to fix that, please leave a comment. I suspect it just needs an extra check for creating a new window if there isn’t one, but it’s already way too late look it up right now.
Drupal 8 has a built-in REST API that allows programmatical access to all the entities on a site. Similar functionality has been implemented for Drupal 7, in the RESTful Web Services (restws) module.
In project I’m working on, in preparation for upgrading a site to Drupal 8, we were looking into options for creating “D8 ready APIs for a D7 site”. The idea is to implement any new integrations (and to re-implement old ones) so that when we upgrade our Drupal from 7 to 8, the integrated systems won’t even notice it. I checked out the restws module as a potential option for that.
It turns out that the APIs are not identical: The URLs are different (“/node/” vs. “/entity/node/”) and the structure for the data that needs to be sent is different as well ({"type":"page","title":"test title"} vs. {"_links":{"type":{"href":"http://drupal-8.localhost/rest/type/node/page"}}, "title":[{"value":"test title"}]}). As such, restws isn’t going to work for us.
But, since I went through the trouble of adapting aalamaki’s test code to do some testing of my own, I decided to post the code here, as I couldn’t find a good example of creating nodes by doing POST requests against the restws API:
<?php
// Example code: Creating Drupal 7 nodes by POSTing from cURL in PHP:
$site = "127.0.0.1/d7";
$user = "someusername";
$pass = "theusersassword";
$crl = curl_init();
curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($crl, CURLOPT_USERAGENT, 'PHP script');
curl_setopt($crl, CURLOPT_COOKIEJAR, "/tmp/cookie.txt");
curl_setopt($crl, CURLOPT_COOKIEFILE, '/tmp/cookie.txt');
// Login
curl_setopt($crl, CURLOPT_URL,"http://" . $site . "/user/login");
curl_setopt($crl, CURLOPT_POST, TRUE);
curl_setopt($crl, CURLOPT_POSTFIELDS, "name=" . $user . "&pass=" . $pass . "&form_id=user_login");
curl_setopt($crl, CURLOPT_COOKIE, session_name() . '=' . session_id());
$ret = new stdClass;
$ret->response = curl_exec($crl);
$ret->error = curl_error($crl);
$ret->info = curl_getinfo($crl);
// Get RESTWS token.
curl_setopt($crl, CURLOPT_HTTPGET, TRUE);
curl_setopt($crl, CURLOPT_URL, 'http://' . $site . '/restws/session/token');
$ret = new stdClass;
$ret->response = curl_exec($crl);
$ret->error = curl_error($crl);
$ret->info = curl_getinfo($crl);
$token = $ret->response;
// Do the API call to create the node. Places tagged with "UPDATING" relate to updating existing nodes instead of creating new ones.
date_default_timezone_set("Europe/Helsinki");
$data = json_encode(array(
'type' => 'article', // UPDATING: Don't try to set the "type" for existing nodes.
'title' => 'It is a new article, created by ' . $user . ' at ' . date('c'),
));
// UPDATING: Use PUT instead of POST when updating a node
curl_setopt($crl, CURLOPT_POST, TRUE);
//curl_setopt($crl, CURLOPT_POST, FALSE);
//curl_setopt($crl, CURLOPT_CUSTOMREQUEST, "PUT");
// UPDATING: Add the node id when updating a node
//curl_setopt($crl, CURLOPT_URL, 'http://' . $site . '/node/1');
curl_setopt($crl, CURLOPT_URL, 'http://' . $site . '/node');
curl_setopt($crl, CURLOPT_HTTPGET, FALSE);
curl_setopt($crl, CURLOPT_POSTFIELDS, $data);
curl_setopt($crl, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'X-CSRF-Token: ' . $token));
$ret = new stdClass;
$ret->response = curl_exec($crl);
$ret->error = curl_error($crl);
$ret->info = curl_getinfo($crl);
//var_dump($ret);
curl_close ($crl);
unset($crl);
Week numbers are… confusing, to say at the least. There’s no instinctive connection (well, for me) between a date and the corresponding week number.
To make matters worse, there are multiple ways of numbering weeks. There’s the ISO-standard way, the way used in northern America, and another way that’s apparently used in the middle east (see Wikipedia).
So, just for the hell of it, I made a “handy” page that tells you if the ISO and US numbering systems are numbering the weeks the same way this year.
The resistor value calculator originally published here now supports 5-band resistors as well as 4-band ones. Also, larger ohm values are now shown with “k” and “M” suffixes. Improved resistor value calculator.
